From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts


Monitoring data loss using traffic profiles


- [Instructor] Today's networks face numerous threats such as malware, port scanning, covert channels and data exfiltration. Every year hackers release millions of new virus signatures. Unknown signatures and polymorphic viruses can escape detection. In fact, in nearly 7% of cases, the breach goes undiscovered for more than a year. That is why traffic analysis at the packet level is necessary, as it can identify many different threats and attacks that could remain unnoticed by anti-malware software. It's essential to understand what your network looks like when it's healthy so you can determine if it's sick. That's what baselining is all about. A baseline is a snapshot of network traffic during a particular window of time using packet analysis software such as Wireshark or TShark. Characteristics can include utilization, network protocols and latency issues. The network team can use the baselines for forecasting and…
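The baselining idea described above, as an added example that is not part of the course material: it builds a per-host baseline of outbound bytes per hour from a healthy capture, then flags hours in a later capture that exceed it. Assumptions: rows are tab-separated as produced by `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len`, `10.0.0.0/8` is the internal range, and the one-hour bucket, 3-sigma threshold, function names and sample rows are all illustrative.

```python
import ipaddress
import statistics
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the internal range

def outbound_bytes(lines, bucket=3600):
    """Bytes sent by each internal host to external addresses, per time bucket."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        try:
            ts, src, dst, length = line.rstrip("\n").split("\t")
            window, size = int(float(ts)) // bucket, int(length)
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:  # non-IP frames and malformed rows are skipped
            continue
        if s in INTERNAL and d not in INTERNAL:
            totals[src][window] += size
    return totals

def build_baseline(totals):
    """Per-host (mean, population std dev) of outbound bytes per bucket."""
    return {h: (statistics.mean(list(w.values())), statistics.pstdev(list(w.values())))
            for h, w in totals.items()}

def flag_deviations(baseline, current, k=3.0, floor=1024):
    """Buckets where a host exceeds mean + k * max(std dev, floor)."""
    alerts = []
    for host, windows in current.items():
        mean, sd = baseline.get(host, (0.0, 0.0))  # unseen host: near-zero threshold
        for window, sent in windows.items():
            if sent > mean + k * max(sd, floor):
                alerts.append((host, window, sent))
    return sorted(alerts)

def frames(hour, src, dst, count, size=1500):
    """Constructed sample rows: `count` frames of `size` bytes inside one hour."""
    return [f"{hour * 3600 + i}\t{src}\t{dst}\t{size}" for i in range(count)]

# Constructed captures: four normal hours, then a quiet hour and a heavy hour.
BASELINE_CAPTURE = [row for h, c in enumerate([20, 22, 18, 20])
                    for row in frames(h, "10.0.0.5", "203.0.113.10", c)]
CURRENT_CAPTURE = (frames(100, "10.0.0.5", "203.0.113.10", 21)
                   + frames(101, "10.0.0.5", "203.0.113.10", 400)
                   + frames(101, "10.0.0.5", "10.0.0.9", 900))  # internal, ignored

if __name__ == "__main__":
    baseline = build_baseline(outbound_bytes(BASELINE_CAPTURE))
    print(flag_deviations(baseline, outbound_bytes(CURRENT_CAPTURE)))
```

The `floor` term keeps a host with a perfectly flat baseline (standard deviation of zero) from alerting on every extra frame.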
